A Brief Look Inside Google’s New Privacy Framework

I don’t think anyone’s surprised that the United States Government is currently looking to develop new, updated privacy legislation, à la the GDPR. It was only a matter of time before it happened, after all. And it’s even less surprising that major Internet corporations like Google (I suppose they’re called Alphabet now) want to be involved.

To wit, on Monday everyone’s favorite tech giant released a three-page document titled Framework for Responsible Data Protection Regulation. It’s also hired its privacy lawyer, Keith Enright, to serve as its Chief Privacy Officer. Enright, who testified Wednesday before the Senate Committee on Commerce, Science, and Transportation, will be responsible for overseeing Google’s evolving privacy policy and ensuring compliance with all relevant legislation.

“In the digital era, a growing array of organizations use personal data to provide a growing range of services,” the document reads. “Responsible data use can unlock benefits for people, companies, and other organizations around the world… This framework helps Google evaluate legal proposals and advocate for smart, interoperable, and adaptable data protection regulations.”

The document, which is based on a number of pre-existing privacy frameworks and policies, is designed to serve as a baseline for US legislation. It’s all fairly reasonable stuff, as well – valuable even if you aren’t a legislator. In broad strokes, here are Google’s guidelines:

Be responsible. Respect the interests of the people the data belongs to, and take responsibility for minimizing harm and maximizing value.

Be transparent. People should know exactly what kind of personal information a company is collecting about them, why it’s being collected, and how that information will be used.

Be reasonable. Place limitations on how data is collected, used, and disclosed. Use your best judgment to ensure you operate with the best interests of your customers in mind.

Be conscientious. Keep all information up to date, accurate, and complete as necessary for the purposes it was originally collected.

Allow people to control their data. Although you don’t need a consent button for every single product and service on your website, what you do need is a means of allowing people to control, in general terms, how their data is used – and giving them the ownership to access, correct, delete, or download any information you’ve collected.

Be secure. Basically, take the necessary steps to keep the data you collect from falling into the wrong hands.

This is all stuff Google does already – and it’s stuff your own organization should be doing as well, now more than ever. The document then goes on to discuss the role and responsibilities of lawmakers in this whole process, including what distinctions privacy legislation should make between different types of businesses. Not really important for what we’re discussing here, but it could be an interesting read if you’re curious as to how national privacy law might develop over the next several years.

If you weren’t paying attention to user privacy before, it’s high time you start. Pretty soon, you’re going to have more than the GDPR to worry about. Google’s privacy document provides a decent starting point – a framework through which you can improve your own data processing and policies.

I’d strongly suggest giving it a read with a mind to apply it to your own website, and your own business.